Machete Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

en: 38
fr: 2
es: 2

Country

us: 10
ca: 8
fr: 2
es: 2

Actors

Machete: 42

Interest

Vulnerabilities

#  | Vulnerability                                                             | Base | Temp | 0day      | Today    | Exp              | Rem          | CTI  | CVE
1  | WordPress Access Restriction user-new.php access control                  | 7.5  | 7.2  | $10k-$25k | $0-$1k   | Not Defined      | Official Fix | 0.08 | CVE-2017-17091
2  | Apple iOS/iPadOS Kernel information disclosure                            | 3.3  | 3.2  | $10k-$25k | $2k-$5k  | Not Defined      | Official Fix | 0.05 | CVE-2020-27950
3  | phpBB startup.php cross site scripting                                    | 4.3  | 4.1  | $1k-$2k   | $0-$1k   | Not Defined      | Official Fix | 0.00 | CVE-2015-1431
4  | vBulletin visitormessage.php code injection                               | 6.3  | 6.0  | $2k-$5k   | $0-$1k   | High             | Not Defined  | 0.00 | CVE-2014-9463
5  | Oracle Java JRE/SE Sandbox privileges management                          | 8.1  | 7.7  | $25k-$50k | $0-$1k   | Proof-of-Concept | Workaround   | 0.00 |
6  | Oracle Directory Server Enterprise Edition NSS memory corruption          | 8.8  | 8.4  | $25k-$50k | $2k-$5k  | Not Defined      | Official Fix | 0.02 | CVE-2016-2834
7  | Apple macOS Directory Utility Login improper authentication               | 8.3  | 7.5  | $10k-$25k | $0-$1k   | High             | Official Fix | 0.06 | CVE-2017-13872
8  | Adobe Flash Player memory corruption                                      | 8.4  | 7.3  | $25k-$50k | $0-$1k   | Proof-of-Concept | Official Fix | 0.02 | CVE-2017-11281
9  | Adobe Flash Player MP4 Atom Parser memory corruption                      | 8.4  | 7.3  | $25k-$50k | $0-$1k   | Proof-of-Concept | Official Fix | 0.00 | CVE-2017-11282
10 | Comcast MX011ANM SNMP Server access control                               | 5.5  | 5.5  | $0-$1k    | $0-$1k   | Not Defined      | Not Defined  | 0.04 | CVE-2017-9496
11 | Cisco Ironport WSA SSL Interception Proxy privileges management           | 6.2  | 5.9  | $10k-$25k | $5k-$10k | Proof-of-Concept | Not Defined  | 0.00 | CVE-2012-1316
12 | Recourse Technologies ManTrap cwd information disclosure                  | 4.0  | 3.6  | $1k-$2k   | $0-$1k   | Proof-of-Concept | Official Fix | 0.05 | CVE-2000-1142
13 | Splunk Enterprise input validation                                        | 6.4  | 6.1  | $0-$1k    | $0-$1k   | Not Defined      | Official Fix | 0.06 | CVE-2018-7432
14 | Apache Atlas Search Reflected cross site scripting                        | 5.2  | 5.2  | $5k-$10k  | $2k-$5k  | Not Defined      | Not Defined  | 0.00 | CVE-2017-3153
15 | Oracle Java SE AWT access control                                         | 6.1  | 5.8  | $25k-$50k | $2k-$5k  | Not Defined      | Official Fix | 0.04 | CVE-2018-2641
16 | Pivotal RabbitMQ Cookie 7pk security                                      | 5.1  | 5.1  | $1k-$2k   | $0-$1k   | Not Defined      | Not Defined  | 0.05 | CVE-2018-1279
17 | GitLab Community Edition/Enterprise Edition Wiki API input validation     | 8.5  | 8.2  | $2k-$5k   | $0-$1k   | Not Defined      | Official Fix | 0.00 | CVE-2018-18649
18 | Cisco Webex Business Suite MyWebex cross site scripting                   | 5.7  | 5.7  | $5k-$10k  | $2k-$5k  | Not Defined      | Not Defined  | 0.00 | CVE-2018-15461
19 | ZyXEL P660HN-T v1 ViewLog.asp command injection                           | 7.3  | 6.4  | $5k-$10k  | $0-$1k   | Proof-of-Concept | Workaround   | 0.47 |
20 | Audacity DLL Loader avformat-55.dll access control                        | 6.5  | 6.5  | $1k-$2k   | $0-$1k   | Not Defined      | Not Defined  | 0.09 | CVE-2017-1000010

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address      | Hostname                                   | Campaigns | Confidence
1  | 69.64.43.33     | falcon207.startdedicated.com               |           | High
2  | 109.61.164.33   | 109-61-164-33.dsl.orel.ru                  |           | High
3  | 142.44.236.215  | ip215.ip-142-44-236.net                    |           | High
4  | XXX.XX.XXX.XX   |                                            |           | High
5  | XXX.XX.X.XXX    | xxxxx.xx-xxx-xx-x.xxx                      |           | High
6  | XXX.X.X.XXX     | xxxxxx.xxx.x.x.xxx.xxxxxxx.xxxx-xxxxxx.xx  |           | High
7  | XXX.XXX.XXX.XX  |                                            |           | High
8  | XXX.XX.XX.XXX   | xx-xxxxx-xxxx.xxxxxxxxxx.xxx               |           | High
9  | XXX.XXX.XXX.XXX | xxxx.xxxxxxxxxxxxx.xxxx                    |           | High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities  | Access Vector                          | Confidence
1  | T1059.007 | CWE-79, CWE-80   | Cross Site Scripting                   | High
2  | T1068     | CWE-264, CWE-284 | Execution with Unnecessary Privileges  | High
3  | T1211     | CWE-254          | 7PK Security Features                  | High
4  | TXXXX     | CWE-XXX          | Xxxxxxxx Xxxxxxxxxxx                   | High

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class       | Indicator                           | Confidence
1  | File        | /admin/config.php?display=backup    | High
2  | File        | /proc/self/cwd                      | High
3  | File        | file_download.php                   | High
4  | File        | xxxxxxxx/xxxxxxx.xxx                | High
5  | File        | xxxxx.xxx                           | Medium
6  | File        | xxxxx.xxx?xx=xxxxxxxxx              | High
7  | File        | xxxxxxxxxx.xxx                      | High
8  | File        | xxxxxx.xxx                          | Medium
9  | File        | xxxxxxx.xxx                         | Medium
10 | File        | xxxxxxxxxxxxxx.xxx                  | High
11 | File        | xx-xxxxx/xxxx-xxx.xxx               | High
12 | Library     | xxxxxxxx-xx.xxx                     | High
13 | Argument    | xxxx                                | Low
14 | Argument    | xxxxxxxxxxxxxxx                     | High
15 | Argument    | xxxx_xx                             | Low
16 | Argument    | xx                                  | Low
17 | Argument    | xxxxxx_xxxx                         | Medium
18 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx      | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
